XFree86 is an implementation of the X Window System, which provides thecore functionality for the Linux graphical desktop.

An input validation flaw was discovered in X.org's Security and Recordextensions. A malicious authorized client could exploit this issue to causea denial of service (crash) or, potentially, execute arbitrary code withroot privileges on the X.Org server. (CVE-2008-1377)

An integer overflow flaw was found in X.org's Render extension. A maliciousauthorized client could exploit this issue to cause a denial of service(crash) or, potentially, execute arbitrary code with root privileges on theX.Org server. (CVE-2008-2360)

An input validation flaw was discovered in X.org's MIT-SHM extension. Aclient connected to the X.org server could read arbitrary server memory.This could result in the sensitive data of other users of the X.org serverbeing disclosed. (CVE-2008-1379)

Users of XFree86 are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available athttp://kbase.redhat.com/faq/FAQ_58_10188